This bulletin includes workaround instructions for use while this cumulative patch was being completed.

A buffer overrun vulnerability in an ActiveX control that is used to display specially formatted text. The overrun can make it possible for an attacker to run code on a user's computer in the context of the user.

A vulnerability that involves how Internet Explorer handles an HTML directive that displays XML data. The directive is designed to allow only XML data from the Web site itself to be displayed. However, it does not correctly check for the case where a referenced XML data source is in fact redirected to a data source in a different domain. This flaw may make it possible for an attacker's Web page to open an XML-based file that resides on a remote computer in a browser window that the site can read. An attacker can then read content from Web sites that the user can access but the attacker cannot.

A vulnerability that involves how Internet Explorer represents the origin of a file in the File Download dialog box. This flaw can make it possible for an attacker to misrepresent the source of a file that is offered for download in an attempt to trick users into accepting a file download from an untrusted source and believing it to be coming from a trusted source.

A newly discovered variant of the "Frame Domain Verification" vulnerability that is described in the following Microsoft Security Bulletin:

This variant occurs because of improper domain checking when frames are invoked in conjunction with the Object tag. Because of this behavior, this vulnerability can make it possible for a malicious Web site operator to open two browser windows, one in the Web site's domain and the other on a file on the user's local computer, and then pass information from the latter to the former. This makes it possible for the Web site operator to read, but not change, any file on the user's local computer that can be opened in a browser window. Additionally, this particular variant can also make it possible for an attacker to start, but not pass parameters to, an executable file (.exe) on the local computer. This is much like the "Local Executable Invocation via Object tag" vulnerability that is described in the following Microsoft Security Bulletin:

Like the original variant, this vulnerability makes it possible for an attacker to create a Web page that, when opened, would run in the Local Computer zone. This means that it can run with fewer restrictions than it would in the Internet zone.

In addition, the patch that is described in this article sets the "Kill Bit" on the MSN Chat ActiveX control that is described in Microsoft Security Bulletin MS02-022 as well as the TSAC ActiveX control that is described in Microsoft Security Bulletin MS02-046. This has been done to make sure that vulnerable controls cannot be introduced onto users' systems. Microsoft recommends that customers who use the MSN Chat control make sure that they have applied the updated version of the control discussed in MS02-022:

For additional information about using the "kill bit" to stop an ActiveX control from running in Internet Explorer, click the following article number to view the article in the Microsoft Knowledge Base:

240797 How to Stop an ActiveX Control from Running in Internet Explorer
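The kill bit described above is a per-CLSID "Compatibility Flags" value under the ActiveX Compatibility registry key, with bit 0x400 telling Internet Explorer never to load the control. The following script is an added example, not part of the Knowledge Base article, that audits and (if needed) sets the kill bit for a list of CLSIDs so an administrator can verify the patch's effect; the CLSIDs shown are placeholders, since the article does not list the controls' real CLSIDs.

```powershell
# Added example (not from the Microsoft article): audit and set the ActiveX
# kill bit for a list of control CLSIDs. Per KB 240797, Internet Explorer
# refuses to load a control when bit 0x400 of the "Compatibility Flags"
# DWORD under the key below is set. Run in an elevated PowerShell session.
$KillBit = 0x400
$BaseKey = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'

function Test-ActiveXKillBit {
    # Returns an object describing whether the kill bit is set for one CLSID.
    param([Parameter(Mandatory)][string]$Clsid)
    $key = Join-Path $BaseKey $Clsid
    if (-not (Test-Path $key)) {
        return [pscustomobject]@{ Clsid = $Clsid; Flags = $null; KillBitSet = $false; Note = 'no compatibility entry' }
    }
    $flags = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue).'Compatibility Flags'
    $set = ($null -ne $flags) -and (($flags -band $KillBit) -eq $KillBit)
    [pscustomobject]@{ Clsid = $Clsid; Flags = $flags; KillBitSet = $set; Note = '' }
}

function Set-ActiveXKillBit {
    # ORs the kill bit into the existing flags so other compatibility bits survive.
    param([Parameter(Mandatory)][string]$Clsid)
    $key = Join-Path $BaseKey $Clsid
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    $current = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue).'Compatibility Flags'
    if ($null -eq $current) { $current = 0 }
    Set-ItemProperty -Path $key -Name 'Compatibility Flags' -Value ($current -bor $KillBit) -Type DWord
}

# PLACEHOLDER CLSIDs: replace with the real CLSIDs of the controls you need
# to block (for example the MSN Chat and TSAC controls named in the article).
$Controls = @(
    '{00000000-0000-0000-0000-000000000001}',
    '{00000000-0000-0000-0000-000000000002}'
)

# Audit first; then set the kill bit only where it is missing.
$Controls | ForEach-Object { Test-ActiveXKillBit -Clsid $_ } | Format-Table -AutoSize
foreach ($c in $Controls) {
    if (-not (Test-ActiveXKillBit -Clsid $c).KillBitSet) {
        Set-ActiveXKillBit -Clsid $c
        Write-Output "Kill bit set for $c"
    }
}
```

Setting the kill bit prevents the control from loading in Internet Explorer but does not remove it; install the updated control from MS02-022 if you still need its functionality.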

For additional information about known issues that can occur when you install this update, click the article number below to view the article in the Microsoft Knowledge Base:

325192 Issues After You Install Updates to Internet Explorer or Windows

For additional information about the latest service pack for Microsoft Windows 2000, click the following article number to view the article in the Microsoft Knowledge Base:

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file. The Internet Explorer 5.01 version of this update is for Windows 2000 only and is also available in Windows 2000 Service Pack 3 (SP3). For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

Installation Information

The Internet Explorer 5.5 version of this update requires Internet Explorer 5.5 Service Pack 2 (SP2) or Service Pack 1 (SP1). For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

276369 How to Obtain the Latest Service Pack for Internet Explorer 5.5

The Internet Explorer 5.01 version of this update is for Windows 2000 only and requires Windows 2000 Service Pack 2 (SP2). For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

You must restart your computer after you apply this update. This package supports the following switches:

/q Specifies quiet mode, or suppresses prompts, when files are being extracted.

/q:u Specifies user-quiet mode, which presents some dialog boxes to the user.

/q:a Specifies administrator-quiet mode, which does not present any dialog boxes to the user.

/t:<path> Specifies the target folder for extracting files.

/c Extracts the files without installing them.

/c:<path> Specifies the path and name of the Setup .inf or .exe file.

/r:n Never restarts the computer after installation.

/r:i Restarts the computer after installation only if a restart is required to complete the installation.

/r:a Always restarts the computer after installation.

/r:s Restarts the computer after installation without prompting the user.

/n:v Disables version checking, so that the program is installed over any previous version.

For example, the file name /q:a /r:n command installs the update without any user intervention, and then it does not force the computer to restart.

WARNING: Your computer is vulnerable until you restart it and log on as an administrator to complete the installation.

NOTE: You cannot successfully install this update on Windows XP-based computers in non-interactive mode (for example, by using Windows Task Scheduler, Microsoft Systems Management Server, or Tivoli software from IBM). Microsoft is researching this problem and will post more information in this article when the information becomes available.

File Information

The English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.